Installing the public key PEM file for the vRealize Automation Manager Service Host in the correct guest agent folder is the most secure approach to configuring the guest agent to trust a server.
Locate the guest agent folder on each template for the cert.pem PEM file for the Manager Service Host to trust a server:
Windows guest agent folder on each template that uses the gugent
Linux guest agent folder on each template that uses the gugent
If you do not put the cert.pem file in this location, the template reference machine cannot use the guest agent. For example, if you try to collect the public key information after the VM is started for by altering scripts, you break the security condition.
Additional considerations apply, depending on your configured environment:
For WIM installations, you must add the public key PEM file contents to the console executable and user interface. The console flag is /cert filename.
For RedHat kickstart installations, you must cut and paste the public key into the sample file, otherwise the guest agent fails to execute.
For SCCM installation, the cert.pem file must reside in the VRMGuestAgent folder.
For Linux vSphere installs, the cert.pem file must reside in the /usr/share/gugent folder.
You can optionally install software and guest agents together by downloading the following script from https://APPLIANCE/software/index.html. The script allows you to handle acceptance of SSL certificate fingerprints as you create the templates.
If you install the software and guest agent together, you do not need to use the instructions in Install the Guest Agent on a Linux Reference Machine or Install the Guest Agent on a Windows Reference Machine.